Monday

19th Feb 2018

Restaurants and hotels worried by EU data bill

  • Small business such as hotels oppose the European Parliament's draft data bill (Photo: Biblioteca de Arte / Art Library Fundação Calouste Gulbenkian)

Small businesses such as bed and breakfasts or cafes will have to hire a data protection officer (DPO) under new rules currently being fine-tuned by the European Parliament.

The parliament says any business that has 500 or more clients a year will require a data protection office to make sure data is secured and laws are being followed.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

But small and medium-sized businesses (SMEs) say this is an unwelcome additional expense in an economy where many are struggling.

The European Commission in its impact assessment report estimates that an SME would have to pay around €1,000 extra each year to have someone ensure protocol is met.

The commission had proposed exempting businesses with fewer than 250 employees from having to hire a DPO, but parliament scrapped the exemption and introduced the 500 clients threshold.

“The commission made an exception for SMEs and they had a reason for that,” said Marta Machado, a policy advisor at the Brussels-based Hortrec, an umbrella organisation for hotels, restaurants, and cafes in Europe.

An average SME in Europe has less than 16 employees. Many others have only one person.

German Green Jan Philipp Albrecht, the lead negotiator on the file at the European Parliament, amended the commission’s draft to include any business with at least 500 or more clients or "data subjects."

A data subject is anyone who has their data processed. Reservation dates, names, addresses and credit card details are among the data a hotel uses to process information on its clients.

Keeping those details in check and making sure they are properly secured is among the tasks of a DPO.

But Dora Szentpaly-Kleis, a legal advisor at the Brussels-based European Association of craft, small and medium-sized enterprises (Ueampe), told this website: “Our problem is not that he [Albrecht] changed the approach because it might make sense to link the number to the data subject but we have the impression that the 500 is a very low number.”

“How did they assess this number because there was no interaction on this issue between the rapporteur and us,” says Szentpaly-Kleis.

A parliamentary source familiar with the file said the number "was open to negotiation."

Germany only member state with data protection officers

Germany is the only member state that currently requires a DPO.

For almost 30 years, any company with at least five employees had to hire an outside consultant to review how personal data was handled. The employee threshold was raised to 10 in 2006 after a legislative reform on data protection.

Werner Hulsmann, a Bonn-based data protection officer who has been working as a freelance DPO since 2004, agrees there are some costs to small businesses but risk of a data breach or violation decreases.

The German experience is varied according to company type, size and whether or not it has locations in other countries.

A 2012 survey by the Bonn-based consultancy firm 2B Advice GmbH found that businesses with up to 50 employees spend just over €1,000 per year on a DPO. Cost increases to over €660,000 for companies with more than 50,000 employees.

The survey assessed 375 German companies, including 90 multinationals.

It noted that a large percentage of data violations come from simple negligence like leaving documents in a printer. Unsecured and unencrypted IT was another weakness. The unlawful processing of personal data was less frequently cited as a violation.

The survey also found that over 38 percent of all in-company data privacy officers do not feel sufficiently well informed well informed about data privacy violations within the company.

“It doesn’t matter how many people or employees work on personal data, they have to accept and follow the rules of data protection,” says Hulsmann.

Focus

The Acta debate - will innovation be stifled?

Opponents of Acta, the controversial anti-counterfeiting treaty up for vote in the European Parliament in July, say, among other things, that it would stifle innovation. Advocates say the exact opposite.

Baltic states demand bigger EU budget

The leaders of Estonia, Latvia, and Lithuania say in a joint letter that they are open to talks on creating "new own resources" for a bigger EU budget after the UK leaves the EU.

EU-Latin America trade talks move to 'endgame'

Senior negotiators in the EU-Mercosur talks will meet in Brussels on Friday to work out the technical bits of a possible trade deal, after top political officials gave the talks a final push.

EU in push to seal Latin American trade deal

In a race against the clock, EU commissioners and Mercosur ministers meet in Brussels to make concessions on beef, cheese and cars in preparation for an "endgame" in trade talks, ahead of Brazil's elections.

Draghi opens fire at US dollar policy

The European Central Bank chief has accused the Trump administration of breaking a decades-old agreement by "targeting" exchange rates to boost the US economy.

News in Brief

  1. Report: Daimler also cheated with diesel
  2. Bulgarian government condemns far-right march in capital
  3. Latvia's central bank chief under arrest
  4. Merkel: Nord Stream 2 pipeline poses 'no danger'
  5. Spanish king in Barcelona next week
  6. Turkey jails journalists for life
  7. Make budget cuts in farm and regional funds, the Dutch say
  8. UN: Hungary's anti-migration bill is 'assault on human rights'

Stakeholders' Highlights

  1. UNESDAA year ago UNESDA members pledged to reduce added sugars in soft drinks by 10%
  2. International Partnership for Human RightsUzbekistan: Investigate Torture of Journalist
  3. EPSUMovie Premiere: 'Up to The Last Drop' - 22 February, Brussels
  4. CESICESI@Noon on ‘Digitalisation & Future of Work: Social Protection For All?’ - March 7
  5. UNICEFExecutive Director's Committment to Tackling Sexual Exploitation and Abuse of Children
  6. Nordic Council of MinistersState of the Nordic Region 2018: Facts, Figures and Rankings of the 74 Regions
  7. Mission of China to the EUDigital Economy Shaping China's Future, Over 30% of GDP
  8. Macedonian Human Rights Movement Int.Suing the Governments of Macedonia and Greece for Changing Macedonia's Name
  9. Dialogue PlatformBeyond the Errors in the War on Terror: How to Fight Global Militarism - 22 February
  10. Swedish EnterprisesHarnessing Globalization- at What Cost? Keynote Speaker Commissioner Malmström
  11. European Friends of ArmeniaSave The Date 28/02: “Nagorno-Karabakh & the EU: 1988-2018”
  12. European Heart NetworkSmart CAP is Triple Win for Economy, Environment and Health

Latest News

  1. MPs demand Council become more transparent
  2. Eurogroup starts process to pick new ECB chiefs
  3. 'Fact of life': some EU funding in new tech will get lost
  4. EU asks charities to explain anti-abuse measures
  5. ECB, Budget, EU elections This WEEK
  6. EU states stay mute on implementation of mercury bill
  7. Baltic states demand bigger EU budget
  8. Germany raises concerns over Hungary's 'Stop Soros' bills

Stakeholders' Highlights

  1. European Free AlllianceEFA Joined the Protest in Aiacciu to Solicit a Dialogue After the Elections
  2. EPSUDrinking Water Directive Step Forward but Human Right to Water Not Recognized
  3. European Gaming & Betting AssociationGambling Operators File Data Protection Complaint Against Payment Block in Norway
  4. European Jewish CongressEJC Expresses Deep Concern Over Proposed Holocaust Law in Poland
  5. CECEConstruction Industry Gets Together to Discuss the Digital Revolution @ the EU Industry Days
  6. Mission of China to the EUChina-EU Relations in the New Era
  7. European Free AlllianceEnd Discrimination of European Minorities - Sign the Minority Safepack Initiative
  8. Centre Maurits Coppieters“Diversity Shouldn’t Be Only a Slogan” Lorant Vincze (Fuen) Warns European Commission
  9. Dialogue PlatformWhat Can Christians Learn from a Global Islamic Movement?
  10. European Jewish CongressEJC President Warns Europe as Holocaust Memory Fades
  11. European Free AlllianceNo Justice From the Spanish Supreme Court Ruling
  12. Nordic Council of MinistersNordic Solutions for Sustainable Cities: New Grants Awarded for Branding Projects